Dell PPDM <=19.12 Improper Access Control Enables Low-Privilege Bypass
CVE-2023-28062 Published on April 11, 2023

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-28062 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Incorrect Use of Privileged APIs

The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.


Products Associated with CVE-2023-28062

Want to know whenever a new CVE is published for Dell Powerprotect Data Manager? stack.watch will email you.

Dell Powerprotect Data Manager
 

Affected Versions

Dell PPDM Reporting (PowerProtect Data Manager) Version 19.10, 19.11 and 19.12 is affected by CVE-2023-28062

Exploit Probability

EPSS
0.08%
Percentile
22.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.